Custom SSL allows you to install your own SSL certificate using a shared IP address and SNI. This option will allow you to install your own SSL Certificate, Private Key, and CA/Chain-Bundle.
SNI is widely supported in modern browsers but has some compatibility issues with old browser versions and some mobile devices (IE6 on Windows XP or older).
The image below provides a quick description of how SNI SSL works:
Requirements for Customer SSL Installation
- The Certificate (CRT), also known as a public key - this is sent to visitors and used as the initial key for data encryption.
- The Private Key - this is the only key that can be used to decrypt information that was encrypted by your public key.
- The Certificate Authority Bundle (CA Bundle) - A key sent from a Certificate Authority that can be used to verify the validity of your SSL certificate.
Installing a Custom SSL Certificate
- Log into the StackPath Portal
- Go to CDN and then click Edge SSL.
- Select Upload My Own from the Upload Custom SSL Certificate box.
- When selecting Upload My Own you will be asked to upload the parts of an SSL certificate covering the domain you wish to use.
- After your certificate is uploaded, the delivery domain covered by the certificate will need to be added under the CDN Settings tab, under Delivery Domains
- The final step to setting up a custom delivery domain for use with the CDN is to change the DNS records for the delivery domain. A CNAME must be created to link the domain to our network. With the following configuration, the 'cdn' subdomain will be a direct link to the CDN URL.
- Once DNS settings have propagated, the custom delivery domain can safely be used in place of the CDN URL for any static asset integration. Note: It can take up to 24 hours for any DNS changes to propagate, please check www.whatsmydns.net for propagation status of any given subdomain. Or, with full-site integration, your entire website will be delivered by the CDN without any further steps.
If you make your CNAME record before adding your subdomain to the Delivery Domains section, your CNAME will return 404 responses.